There have been increased incidents of fraudsters abusing credit and debit card terminals during the checkout process. Some of these cases involve the Ingenico Telium series terminals. Below are some common ways for merchants to protect their business from terminal fraud:
This is probably the most important step to protecting your business from payment terminal based fraud. Payment terminals come from the factory programmed with a default password which is usually the similar across all models of machines. As such, many people know the default password for the machines and can use it to commit fraud against your business. The simple process of entering a custom password for your machine can eliminate almost all risk of terminal based fraud. In the most common cases, fraudsters will cancel a sale and try to process a different transaction type, such as a refund, using the default password to access restricted functions. When you set a custom password, potential fraudsters would need to know your unique, individual password to perform these functions, rather than the generic, well known default passwords. In short – default passwords afford little protection or piece of mind - add a unique password to your terminal using the instructions below:
When a customer is using your terminal to pay for their purchase, you must pay attention to ensure that they do not conduct any suspect activity. A customer that tries to distract you, has the machine for too long or seems to be implementing an unusual number of keystrokes (excessive button pushing) should be treated as suspicious. The most common cases are fraudsters quickly cancelling a transaction using the menu options, and starting a new transaction such as a refund, void or sale for a small amount. Merchants should ensure that there is nothing out of the ordinary being done to the terminal by the customer.
One of the easiest ways to prevent fraud is to ensure that your customers are using chip cards when paying for transactions. Chip cards in most cases shift the liability away from your business and to the bank. If your customer has a card that can only be swiped, you may want to verify their ID or withhold the transaction until they can provide a proper card.
When completing the transaction, be sure to check the top of the receipt for the transaction type that was just processed. Make sure that the transaction type matches what you had processed, whether it is a sale, refund, pre-authorization or otherwise.
By following these steps, you can greatly reduce the chance of your business being a victim of fraud. Be sure to reach out to the Helcim team with any further questions!
Helcim is a US and Canadian credit card processing company. We believe in a transparent approach to business and we are passionate about educating merchants and business owners on the world of payments. We use our blog to share news, educate and dig deeper into topics that we find interesting. You can reach us anytime at email@example.com or join the conversation in our comments section.